55 matches found
CVE-2026-64103
In the Linux kernel, the following vulnerability has been resolved: scsi: isci: Fix use-after-free in device removal path The ISCI completion tasklet is initialized in iscihostalloc drivers/scsi/isci/init.c:496 and scheduled from both MSI-X and legacy interrupt handlers...
EUVD-2026-45788
In the Linux kernel, the following vulnerability has been resolved: scsi: isci: Fix use-after-free in device removal path The ISCI completion tasklet is initialized in iscihostalloc drivers/scsi/isci/init.c:496 and scheduled from both MSI-X and legacy interrupt handlers...
CVE-2026-63977
CVE-2026-63977 affects the Linux kernel DPLL subsystem for zl3073x. The issue stemmed from the change_work mechanism used to send device-change notifications from DPLL device callbacks under dpll_lock, which could race during device teardown if change_work was re-scheduled after cancel_work_sync(...
EUVD-2026-45750
In the Linux kernel, the following vulnerability has been resolved: dpll: zl3073x: use dplldevicechangentf and remove changework The changework was introduced to send device change notifications from DPLL device callbacks without deadlocking on dplllock, since the callbacks are already invoked...
PT-2026-61294
In the Linux kernel, the following vulnerability has been resolved: dpll: zl3073x: use dpll device change ntf and remove change work The change work was introduced to send device change notifications from DPLL device callbacks without deadlocking on dpll lock, since the callbacks are already...
Linux Distros Unpatched Vulnerability : CVE-2026-53259
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after- free in ipv6chkacastaddr, which walks the global...
EUVD-2026-39210
In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...
PT-2026-52354
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free issue exists in the ipv6 chk acast addr function. The problem occurs when an anycast address aca is allocated and added to the idev-ac list under idev-lock, but is...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: xsk: Fixed a race condition in socket teardown Fixed a race condition in the xsk socket teardown code that could lead to a NULL pointer dereferencing. The current xskunbindcode in xskunbinddev starts by setting xs-state to...
CVE-2026-40290
A flaw was found in OP-TEE Trusted Execution Environment. A local attacker could exploit a user-after-free UAF race condition in the shared memory teardown logic when OP-TEE is configured as a Secure Partition Management Controller SPMC for Secure EL0 S-EL0 Secure Partitions. This vulnerability...
CVE-2026-46267
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...
EUVD-2026-34139
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...
EUVD-2026-34129
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...
CVE-2026-46267 nfc: hci: shdlc: Stop timers and work before freeing context
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...
CVE-2026-46267
CVE-2026-46267 affects the Linux kernel NFC HCI SHDLC subsystem. The root cause is that timers and state-machine work can remain active during llc_shdlc_deinit(), which purges SHDLC skb queues and frees the llc_shdlc structure while callbacks may still access SHDLC state and queues. If teardown r...
CVE-2026-46267 nfc: hci: shdlc: Stop timers and work before freeing context
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...
PT-2026-46030
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF condition exists in the Linux kernel's NFC HCI SHDLC implementation. The function llc shdlc deinit purges SHDLC skb queues and frees the llc shdlc structure while...
SUSE CVE-2026-46135
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...
CVE-2026-46213
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 "HID: appletb-kbd: fix slab use-after-free bug in appletbkbdprobe" added timerdeletesync&kbd-inactivitytimer to both the probe closehw error path and...
CVE-2026-46135
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...